INFORMATION SECURITY SYSTEM WITH RISK ASSESSMENT BASED ON MULTI-LEVEL AGGREGATIONS OF RISK PREDICTORS

    Publication number: US20190325451A1

    Publication date: 2019-10-24

    Application number: US16455937

    Application date: 2019-06-28

    Abstract: A method of protecting a computer system from fraudulent use includes collecting and aggregating sets of risk predictor values for user-initiated events into user-specific aggregations and organization-wide aggregations, and in response to a current event initiated by a user, generating a risk indicator as a combination of a user-specific indicator and an organization-wide indicator based on current event parameters and the user-specific and organization-wide aggregations. Based on the risk indicator indicating that the current event may be a fraudulent use, a protective control action is taken (such as denying or modifying a requested access) to protect the computer system.

    Methods and apparatus for detecting suspicious network activity by new devices

    Publication number: US10367835B1

    Publication date: 2019-07-30

    Application number: US15192347

    Application date: 2016-06-24

    Abstract: Methods and apparatus are provided for detecting suspicious network activity by new devices. An exemplary method comprises: obtaining network event data for a given entity that comprises a user or a user device; determining a number of distinct other entities associated with the given entity during a predefined short time window, wherein the distinct other entities comprise user devices used by the user if the given entity comprises a user and comprise users of the user device if the given entity comprises a user device; determining a number of distinct other entities associated with the given entity during a predefined longer time window; and assigning a risk score to the given entity based on (i) the number during the predefined short time window relative to the number during the predefined longer time window, and/or (ii) the number during the predefined short time window relative to a predefined number.

    Secure information sharing
    Granted invention patent

    Publication number: US09917820B1

    Publication date: 2018-03-13

    Application number: US14753443

    Application date: 2015-06-29

    CPC classification number: H04L63/0471 G06F17/30545 G06F21/6218

    Abstract: Techniques of information sharing involve processing queries from exchanges with multiple, non-colluding servers. Along these lines, each server stores a share of the query data such that readable query data may be reproduced only through combining the shares stored on a minimum number of the servers. In addition, a client wishing to submit a query encrypts any query input as well as a query function that provides an answer to the query. The client then sends a portion of the garbled query function to each of the servers. Each of the servers then evaluates their respective portion of the garbled query function using Yao's protocol in a serial manner so that one of the servers produces a garbled output. The client then determines the answer to the query by decoding the garbled output.

    Self-learning online multi-layer method for unsupervised risk assessment

    Publication number: US11373189B2

    Publication date: 2022-06-28

    Application number: US16455937

    Application date: 2019-06-28

    Abstract: A method of protecting a computer system from fraudulent use includes collecting and aggregating sets of risk predictor values for user-initiated events into user-specific aggregations and organization-wide aggregations, and in response to a current event initiated by a user, generating a risk indicator as a combination of a user-specific indicator and an organization-wide indicator based on current event parameters and the user-specific and organization-wide aggregations. Based on the risk indicator indicating that the current event may be a fraudulent use, a protective control action is taken (such as denying or modifying a requested access) to protect the computer system.

    Framework for authenticating new users

    Publication number: US10587596B1

    Publication date: 2020-03-10

    Application number: US15086528

    Application date: 2016-03-31

    Abstract: Techniques of authenticating a new user involve classifying a new user as a member of a group based on the new user's current activity. Along these lines, when a new user enrolls in an authentication system, the authentication system places the new user in a group of new users that have not made any requests and are assumed to be high risks of making fraudulent requests. Once the new user makes a request to access a resource, the authentication system classifies the new user as a member of another group according to authentication factors describing activities surrounding the request.

    COMBINING EXPLICIT AND IMPLICIT FEEDBACK IN SELF-LEARNING FRAUD DETECTION SYSTEMS

    Publication number: US20200034831A1

    Publication date: 2020-01-30

    Application number: US16539394

    Application date: 2019-08-13

    Abstract: An improved technique involves including implicit feedback inferred from a fraud analyst's actions into a fraud detection model tuning process. Along these lines, as part of a tuning process, an authentication server sends electronic transactions carrying a certain amount of risk to a case management center in which fraud analysts investigate the electronic transactions to verify whether the transactions are fraudulent or non-fraudulent. In addition to receiving this explicit feedback from the case management center, however, the authentication server also receives implicit feedback indicative of attributes of the fraud analysts themselves. The authentication server then inputs these implicit feedback parameter values into a fraud detection model tuning engine that tunes the fraud detection model.

    Methods and apparatus for evaluating classification performance of risk engine models

    Publication number: US10467403B1

    Publication date: 2019-11-05

    Application number: US13931135

    Application date: 2013-06-28

    Abstract: Methods and apparatus are provided for evaluating the classification performance of different risk engine models. A classification performance of an authentication method is evaluated by obtaining performance data for an authentication method; generating a receiver operating characteristic (ROC) curve for the obtained performance data; determining a partial area under the curve (pAUC) for a region of interest of the ROC curve; and providing a performance score for the authentication method based on the pAUC. The region of interest comprises, for example, a region of false positives. The pAUC is optionally standardized using a McClish Transformation. The performance score for the authentication method can be compared to a second performance score for a second authentication method. A confidence level can optionally be provided for the comparison based on a natural test statistic.

    Combining explicit and implicit feedback in self-learning fraud detection systems

    Publication number: US11334878B2

    Publication date: 2022-05-17

    Application number: US16539394

    Application date: 2019-08-13

    Abstract: An improved technique involves including implicit feedback inferred from a fraud analyst's actions into a fraud detection model tuning process. Along these lines, as part of a tuning process, an authentication server sends electronic transactions carrying a certain amount of risk to a case management center in which fraud analysts investigate the electronic transactions to verify whether the transactions are fraudulent or non-fraudulent. In addition to receiving this explicit feedback from the case management center, however, the authentication server also receives implicit feedback indicative of attributes of the fraud analysts themselves. The authentication server then inputs these implicit feedback parameter values into a fraud detection model tuning engine that tunes the fraud detection model.

    Methods and apparatus for validating event scenarios using reference readings from sensors associated with predefined event scenarios

    Publication number: US10921167B1

    Publication date: 2021-02-16

    Application number: US14865472

    Application date: 2015-09-25

    Abstract: Methods and apparatus are provided for validating event scenarios using reference readings obtained from a plurality of sensors associated with one or more predefined event scenarios. If a reading from a first sensor satisfies a reference reading of the first sensor for at least one identified scenario in a scenario library, at least one additional sensor is identified from the identified scenario and a reading is obtained from the additional sensors. The identified scenario is validated when the readings of the additional sensors satisfy the reference reading for the additional sensors from the identified scenario. A confidence level is optionally determined based on the readings of the sensors in the identified scenario. The readings of the sensors are optionally monitored over time to update the confidence level of the identified scenario.

    Methods and apparatus for identifying suspicious domains using common user clustering

    Publication number: US10129276B1

    Publication date: 2018-11-13

    Application number: US15083899

    Application date: 2016-03-29

    Abstract: Methods and apparatus are provided for identifying suspicious domains using common user clustering. An exemplary method comprises obtaining network event data comprising a plurality of network connections; identifying users and domains associated with the network connections in the network event data; creating a connection between each user/domain pair that communicate with one another in the identified users and the identified domains to generate a graph; connecting domains in the graph using inter-domain edges that share common users to obtain a graph of interconnected domains; identifying bi-connected components in the graph of interconnected domains, wherein the bi-connected components comprise node pairs having at least two paths in the graph of interconnected domains between them; and processing the bi-connected components to identify a plurality of suspicious domains that are likely to participate in a computer security attack. The graph of interconnected domains is optionally pruned and/or filtered to remove one or more inter-domain edges.
